Treasury Dept IT System Flagged for Security Issues

Newsletter

MOST POPULAR

Advertisement

Serious tech troubles at the Treasury Department are so severe that they could disrupt accounting practices within a system that manages about $16.7 billion of federal debt.

The Government Accountability Office flagged at least 20 problems within the Bureau of the Fiscal Service’s tech system—all of which involve security management issues. Of the deficiencies GAO identified, 14 are brand new and six are problems that were detected in 2012 and were never corrected.

The auditors said the issues constitute a "significant deficiency" for financial reporting purposes.

The weaknesses "increase the risk of unauthorized access, modification or disclosure of sensitive data and programs, which could result in the disruption of critical operations," Gary Engel, GAO director for financial management and assurance, wrote in an audit last week, NextGov first reported.

The Fiscal Service commissioner addressed the auditor’s findings and said the agency is currently taking actions to resolve the issues.

"Fiscal Service will continue to look for efficient and effective ways to improve and ensure the consistent application of agency-wide security controls over all systems," the final audit states.

The GAO is expected to check on the status of the deficiencies later this year.

This is only the latest tech trouble coming out of the Treasury Department. Other agencies, including the Internal Revenue Service, have had a spate of their own technological disasters. Just last week, the GAO released a separate report flagging security weaknesses in the Federal Deposit Insurance Corporation’s financial IT systems.

The auditors said that although the FDIC, which had previously struggled with tech troubles, had “made progress in securing” its financial systems, it had failed to implement specific recommendations made by GAO, which has led to vulnerabilities in the “confidentiality, integrity and availability of financial systems and information.”

“FDIC did not fully or consistently implement aspects of its information security program,” the report said.

For example, GAO said the FDIC failed to put in place controls for identifying and authenticating users or restricting access to sensitive data. The FDIC also hadn’t encrypted sensitive data or conducted background investigations on employees.

Without implementing these controls, auditors said the FDIC’s systems are exposed to an “unnecessary risk of inadvertent or deliberate misuse, improper modification, unauthorized disclosure or destruction.”

For its part, the agency said it would implement such controls by the end of the year.